jackrabbit-oak-issues mailing list archives

From "Tobias Bocanegra (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (OAK-3324) Evaluation with restriction is not consistent with parent ACLs
Date Fri, 04 Sep 2015 16:44:45 GMT

     [ https://issues.apache.org/jira/browse/OAK-3324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Tobias Bocanegra resolved OAK-3324.
       Resolution: Fixed
    Fix Version/s: 1.4

Fixed in r1701290 by applying the same logic to permissions that respect the parent entry
that is used for permissions that only respect the privileges on the entry.

> Evaluation with restriction is not consistent with parent ACLs
> --------------------------------------------------------------
>                 Key: OAK-3324
>                 URL: https://issues.apache.org/jira/browse/OAK-3324
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.3.4
>            Reporter: Tobias Bocanegra
>            Assignee: Tobias Bocanegra
>             Fix For: 1.4
>
> Consider the following ACL setup:
> {noformat}
> testuser allow rep:read,rep:write      /testroot
> testuser deny  jcr:removeNode /testroot/a  glob=*/c
> testuser allow jcr:removeNode /testroot/a  glob=*/b
> {noformat}
> Now: {{hasPermission(/testroot/a/b/c, jcr:removeNode) == false}} but the user is still
> able to delete the node.
> * if we change the order of the ACEs with the restriction, it works (i.e. the user can't
> * if we use direct ACLs on the respective nodes, it works
> I think this is a bug...but I'm not sure if {{hasPermission}} is wrong, or the check
> during node deletion.

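The ACL setup quoted in the issue, evaluated in a small model to show which outcome is consistent. This is an added example, not Oak's code and not part of the original message. It assumes that a `glob` restriction is appended to the access-controlled path with `*` matching any characters including `/`, that deeper and later entries take precedence, that `rep:write` includes `jcr:removeNode` and `jcr:removeChildNodes`, and that removal needs `jcr:removeNode` on the node plus `jcr:removeChildNodes` on its parent.

```python
import re

# Partial expansion of the aggregate privilege (assumption: only the parts needed here).
REP_WRITE = {"rep:write", "jcr:removeNode", "jcr:removeChildNodes"}

# Constructed from the setup in the issue, in ACL order:
# (is_allow, privileges, access-controlled path, glob restriction or None)
ACES = [
    (True,  {"rep:read"} | REP_WRITE, "/testroot",   None),
    (False, {"jcr:removeNode"},       "/testroot/a", "*/c"),
    (True,  {"jcr:removeNode"},       "/testroot/a", "*/b"),
]

def glob_matches(acl_path, glob, target):
    """True if the entry at acl_path with this glob applies to target."""
    if glob is None:   # no restriction: the node and its whole subtree
        return target == acl_path or target.startswith(acl_path.rstrip("/") + "/")
    if glob == "":     # empty glob: the node itself only
        return target == acl_path
    # Path and glob are concatenated; each '*' matches any run of characters.
    pattern = ".*".join(re.escape(part) for part in (acl_path + glob).split("*"))
    return re.fullmatch(pattern, target) is not None

def has_privilege(aces, target, privilege):
    """Deepest ACL first, later entry first within an ACL; first match decides."""
    ordered = sorted(enumerate(aces),
                     key=lambda e: (e[1][2].count("/"), e[0]), reverse=True)
    for _, (is_allow, privs, acl_path, glob) in ordered:
        if privilege in privs and glob_matches(acl_path, glob, target):
            return is_allow
    return False       # nothing granted

def can_remove(aces, target):
    """Removal check using the same per-entry logic for node and parent."""
    parent = target.rsplit("/", 1)[0] or "/"
    return (has_privilege(aces, target, "jcr:removeNode")
            and has_privilege(aces, parent, "jcr:removeChildNodes"))

# Same entries with the two restricted ACEs swapped.
SWAPPED = [ACES[0], ACES[2], ACES[1]]

if __name__ == "__main__":
    for path in ("/testroot/a/b", "/testroot/a/b/c"):
        print(path, can_remove(ACES, path), can_remove(SWAPPED, path))
```

In this model the two restricted entries match disjoint paths (`*/b` never matches `/testroot/a/b/c`), so the permission check and the removal check agree and the order of the two entries makes no difference.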